Re: sniffer detection on switched based networks

From: Rob McMillen (rvmcmil@cablespeed.com)
Date: 02/06/03

  • Next message: Brett Harris: "Re: sniffer detection on switched based networks"
    Date: Wed, 5 Feb 2003 18:13:13 -0500 (EST)
    From: Rob McMillen <rvmcmil@cablespeed.com>
    To: Sangram <sangram@mahindrabt.com>
    
    

    Take a look at snort's arpspoof preprocessor plugin.

    On Wed, 5 Feb 2003, Sangram wrote:

    > Hi,
    >
    > As we know sniffing on swithch based networks is not easy (ignoring the
    > monitor port of the switch). Usually a arp spoof, DNS spoof or other such
    > attacks have to be launched. There are tools like Dsniff which can
    > accomplish this task quite easily.
    > Now what I would like to know is there any method / tool or snort ids rule
    > set which can detect such sniffers on systems esp on switch based networks.
    > And here I am talking of large corporate ethernet networks. The
    > considerations are that I dont want to over load the network by probing each
    > w/s indivisually. And if the process is automated it would be all the more
    > better.
    >
    > Regards
    >
    > Sangram Gayal
    > Associate Consultant
    > Enterprise Security Consulting Group
    > Mahindra - British Telecom Ltd.
    >
    > *********************************************************
    > Disclaimer
    >
    > This message (including any attachments) contains
    > confidential information intended for a specific
    > individual and purpose, and is protected by law.
    > If you are not the intended recipient, you should
    > delete this message and are hereby notified that
    > any disclosure, copying, or distribution of this
    > message, or the taking of any action based on it,
    > is strictly prohibited.
    >
    > *********************************************************
    > Visit us at http://www.mahindrabt.com
    >
    >
    >
    >



    Relevant Pages

    • sniffer detection on switched based networks
      ... Usually a arp spoof, ... set which can detect such sniffers on systems esp on switch based networks. ... Enterprise Security Consulting Group ...
      (Focus-IDS)
    • Re: Prevent ARP spoof
      ... Subject: Prevent ARP spoof ... centipede. ... Ashish Gupta wrote: ... >Is there a way to prevent arp spoofs on the networks? ...
      (Security-Basics)
    • Re: Prevent ARP spoof
      ... Subject: Prevent ARP spoof ... On Mon, 10 Sep 2001, Ashish Gupta wrote: ... > Is there a way to prevent arp spoofs on the networks? ... Static Arp ...
      (Security-Basics)